On Fri, 25 Feb 2005 04:34 pm, Hannu Väisänen wrote:
> On Fri, Feb 25, 2005 at 10:34:14AM +1100, Chris Samuel wrote:
> > My suspicion is that you'll either get a connection refused or it will
> > hang until it times out and that you'll find you have iptables running on
> > the server that is blocking it.
>
> It hangs and times out.
OK - then something between the mom and the server is dropping those packets,
rather than rejecting them.
> > On the server do:
> >
> > iptables-save
>[rules elided]
Those look fine. There should also be a rule there to accept established
traffic too, I believe?
I'd suggest an explicit deny and log rule at the end so you can see if there's
something odd happening with the rules.
For instance, my Shorewall config generates the following automatically:
-A net2all -m state --state RELATED,ESTABLISHED -j ACCEPT
-A net2all -j Drop
-A net2all -j LOG --log-prefix "Shorewall:net2all:DROP:" --log-level 6
-A net2all -j DROP
Using policies to drop traffic works, but I don't think you can log anything
then.
You should be able to append those 3 rules to your iptables-config simply, and
remember to change the table from net2all to RH-Firewall-1-INPUT! If you
want to make failure more obvious whilst debugging you can change the "Drop"
to "Reject" and "DROP" to "REJECT" to cause the kernel to send the
appropriate ICMP instead.
good luck,
Chris
--
Christopher Samuel - (03)9925 4751 - VPAC Systems & Network Admin
Victorian Partnership for Advanced Computing http://www.vpac.org/
Bldg 91, 110 Victoria Street, Carlton South, VIC 3053, Australia
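
Once a LOG rule sits in front of the final DROP, the kernel log shows which packets are being discarded. The script below is an added example, not part of the original message: it counts logged packets per source, destination, protocol and destination port, using the Shorewall prefix quoted above; the sample log lines, addresses and ports are constructed.

```shell
#!/bin/sh
# summarize_drops PREFIX: read kernel log lines on stdin, keep those carrying
# the given --log-prefix, print "COUNT SRC -> DST PROTO/DPT", busiest first.
summarize_drops() {
    awk -v prefix="$1" '
        { at = index($0, prefix) }
        at == 0 { next }                       # not written by our LOG rule
        {
            src = dst = proto = dpt = "-"
            # After the prefix the LOG target emits KEY=VALUE tokens.
            n = split(substr($0, at + length(prefix)), tok, " ")
            for (i = 1; i <= n; i++) {
                # ICMP errors quote the offending packet in [...]; stop there
                # so its SRC/DST/DPT do not overwrite the outer header.
                if (substr(tok[i], 1, 1) == "[") break
                eq = index(tok[i], "=")
                if (eq == 0) continue          # bare flags such as DF or SYN
                key = substr(tok[i], 1, eq - 1)
                val = substr(tok[i], eq + 1)
                if (key == "SRC") src = val
                else if (key == "DST") dst = val
                else if (key == "PROTO") proto = val
                else if (key == "DPT") dpt = val
            }
            count[src " -> " dst " " proto "/" dpt]++
        }
        END { for (k in count) printf "%d %s\n", count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample log lines (hosts, addresses and ports are made up).
sample_log() {
    cat <<'EOF'
Feb 25 16:40:01 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.12 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4711 DF PROTO=TCP SPT=1021 DPT=15001 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 25 16:40:04 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=10.0.0.12 DST=10.0.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4712 DF PROTO=TCP SPT=1021 DPT=15001 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 25 16:40:05 server sshd[2212]: Accepted publickey for hpc from 10.0.0.12 port 40122 ssh2
Feb 25 16:40:09 server kernel: Shorewall:net2all:DROP:IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:cc:08:00 SRC=10.0.0.7 DST=10.0.0.1 LEN=88 TOS=0x00 PREC=0xC0 TTL=64 ID=901 PROTO=ICMP TYPE=3 CODE=3 [SRC=10.0.0.1 DST=10.0.0.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=1023 DPT=15001 LEN=40 ]
EOF
}

sample_log | summarize_drops "Shorewall:net2all:DROP:"
```

Pass whatever string was given to --log-prefix in the rule actually installed; a repeated SYN from one host to one port with no reply is the pattern that matches a connection that hangs and times out.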